Linux and Windows Security Neck and Neck
Linurati writes "According to vnunet.com, Linux and Windows are neck and neck when it comes to security, but 'misleading figures and surveys are muddying the waters.' The article lays blame on both sides for the misleading information." From the article: "...Microsoft had made real progress on security in the past two years, but that the increasing number of Linux enthusiasts coming into the market would help the open source alternative in the long run."
"Nothing to see here ... move along"
Now THAT'S security for you!
It's no longer better, it's now just as good.
Funny, last month people told me it was better. The only quote in the article talks about linux' advantages. Erm. Something's missing.
My little site.
The Pinto dealer down the block said that they have added a couple of air bags on the passenger side doors to get it at par with a Volvo. Coincidence?
Free XBox, PS2
I think there are two main factions here, and the answer for what constitutes better security has slightly different context with significantly different results.
For all of these people their machines are ticking time bombs, and I'm usually the one who gets the call when their world of computer technology explodes. This by itself is reason enough to consider other technologies where by default they are secure. For example, Apple does a good job (not perfect) of making their machines secure... I won't go into great depth -- I'm not a heavy Mac user.
Also, linux by default comes out of the box with decent security. Even if users do try to just use, e.g., KDE as root only, they (as I recall) have to fight off the big red screen background, kind of like the annunciator lights and bells in cars when you don't fasten your seat belts.
So, in the lay community, though Windows carries the popular vote, I think linux out of the box is by far the more secure and safe way to go.
Security in Windows itself had definitely improved over the last few years. But almost all of the current and recent vulnerabilities have somehow been related to IE.
Not using IE and using Firefox instead almost completely secures an up-to-date Windows box. Get rid of IE, get rid of 90% of Windows' security problems.
WinXP is still a sitting duck out of the box. You can't patch it until you connect to the internet, unless you've managed to download service packs and critical updates and burn them to CD, which most "normal" people won't think to do. Unless they have a good firewall between them and the rest of the internet, that unpatched XP system will be toast before you can say "Sasser!"
If Windows and Linux are 'neck and neck' when it comes to security, maybe Linux is riding a giraffe. How's Windows security stack up next to OpenBSD?
You see? You see? Your stupid minds! Stupid! Stupid!
Maybe for servers, but not home users. When was the last time you saw a home Linux machine 0wn3d?
(Granted, most people who use Linux at home are knowledgeable enough to keep even a Windows machine safe.)
"the increasing number of Linux enthusiasts coming into the market would help the open source alternative in the long run."
I'd say this is precisely the other way around. More users equals bigger target and more potential fuck-ups.
Natalie Portman and Kathy Bates neck and neck when it comes to hotness.
I've kinda been hinting around at this for a long time... I think the MS "TCO" figures are total bull, so that alone makes linux a favorable approach for server environments.... Honestly I say use whatever works best for what you want to do... Linux isn't (as) ready for the desktop, but windows is pretty much really good at it... Linux tends to make a better and more stable server environment for an advanced user... In my experience, windows servers are more confusing to get up and running than linux when compared side by side... Of course other people may have different experiences. AGAIN I say: use whatever works best for what you want to do...
May or may not be true, but it would be nice if I could run as LUA under Windows without having to jump through a bunch of hoops. I'm not talking about 3rd party apps, I'm talking about explorer.exe. There are a lot of little quirks and workarounds you have to deal with, although it's not impossible. It's clear that even XP was not designed with this in mind. Longhorn should do a better job of it. How good remains to be seen. That said, as a semi-experienced Linux user, I still have no idea if I am really safe under Linux. Maybe that's because I have not put much effort into it.
When are we going to see independently funded research studies that will, without bias, give us realistic statistics that will benefit intelligent buying decisions for the general public when debating over classic "windows v linux" implementation?
They are taking security vuln's for redhat EL 3, or suse 9.1, and comparing them to MS Windows. That is not fair. Now if they compared them to Windows, Office, sharepoint, IIS, Office, Project, all Microsoft games, SQL server, etc.. then it would probably be a little more fair. Linux DISTRIBUTIONS are a little more than an OPERATING SYSTEM.
What are we going to do tonight Brain?
This is just gonna generate one or two flame threads, and a multitude of threads of people agreeing with one another about why Linux > OMGMICRO$UX0R!!!!
The sad part is that this very message is probably going to get repeated several times.
yawn...
Generally, bash is superior to python in those environments where python is not installed.
Sex with someone with horrible burning VD is just as safe as sex with someone who doesn't have VD... as long as you apply a symantec branded condom and use critical update cream liberally.
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
Look out! All the slashdotters will have a heart attack reading this one, and miss the point which was: (from the article)
"My hunch would be that Linux still has the edge but it's difficult to tell with all this misleading information being pumped out."
FUD is FUD, and it's being given by both sides. It happened in the C64 vs Mac, Mac vs PC, Nintendo VS Sega, XBOX vs PS2 wars, and will continue to happen in everything where nerds are involved.
Those wars are the nerd's answer to the woman-staffed clothes store. (If you don't get that one, go spend 1 hour in there while your girlfriend shops, and listen to the salesladies dispute who got the sale. Sounds like a Linux vs Windoze Slashdot thread.)
They have a herd of poorly paid but diligent slaves (a.k.a. graduate students studying for a Ph.D.). They do excellent work in voluminous quantities and would surely produce an accurate analysis of Linux versus Windows.
Didn't I read about Windows and 12 min of safe time before trouble hits... Beyond that... I could have sworn the problem with Windows becoming a secure OS was the fact that it was not Open... thus nobody can tell if it is secure or not. Correct me if I'm wrong, but the advantage to open source is the barrage of people out there who can see errors and report and patch... Windows is more of a trial and error process for security... which by definition is just not secure...
Losers whine about their best, Winners go home to fuck the prom queen
when my windows box guys gets owned 20 minutes after an install and when ie installs spyware on my parents computer, and my redhat fedora box has been on for 1 year with no problems, i don't think there is a comparison. this article is from someone who doesn't use linux so it's fine he is ignorant but the fact it made it on slashdot is flamebait
Where are the proactive security systems for Windows? Sure, Windows by default has a fairly rigorous ACL system by default (at least in comparison to classical Linux ACL's), but trying to measure the security of a system solely on how many exploitable bugs it has is just a poor measurement method. With projects like SELinux, GRSecurity, Pax, different implementations of active bounds checkers as well as stack smashers, and good implementations like Hardened Gentoo (Debian has a hardened project but I haven't tried it) I don't particularly see how Windows has a chance in hell.
I don't know of any person with a Windows box who will hand out an admin account, but there are Gentoo Hardened devs who hand out root on their SELinux test rigs. Why? Because the system is secure enough to hand out root.
Clicky for printer-friendly version. It will probably try to print the page as well.
PS The 'perma-link' option does not appear to work yet.
I want to drag this out as long as possible. Bring me my protractor.
"...Microsoft had made real progress on security in the past two years..."
Yeah, that's real believable considering Microsoft is holding hands with Claria...
--
Check out the Uncyclopedia.org
The only wiki source for politically incorrect non-information about things like Kitten Huffing and Pong! the Movie !
Please allow me to hate the creator of the 120-character limit: *HATES*. Thank you.
I hate these studies. Saying Linux isn't secure is like saying that fruit isn't red... it depends on what you're looking at. Are we talking about kernels? GNU tools? Common server software?
More importantly, which distribution? Windows comes with f*cking notepad and Solitaire. Linux distributions typically come with an order of magnitude more applications.
I'm on the Gentoo Security Mailing List. I get a few messages each day about vulnerabilities in software. Is each of these a ding on Linux? No, certainly not... it's a piece of software that happens to be available via portage.
If they want to be fair, then every ding on every Windows application counts against Windows.
More importantly, why the hell does every one of these boneheaded articles make it on the front page of Slashdot? Just helps spread the FUD.
Right. Whatever you say. Windows is JUST as secure as Linux.
I don't think it's that far from the truth, really. It's like painting.. it's the artist, not the brush. A competent system administrator can secure Windows and keep it secure, just as with Linux. An incompetent sysadmin will fail with both.
Of course, it could be said Windows makes it easier to be incompetent.
and Trojans will run on my Linux boxes
But under Windows XP, I had spyware, malware, virii, BSODs, etc. Under Linux, none of the above. For me, Linux is more secure. Is Windows teh SUXXOR, I don't know, but Linux works better for ME.
insert inflammatory anti-microsoft comment here
In my experience, the (United States) Government makes extensive use of both operating systems. However, I have noticed Windows holds a pretty solid majority--even on server machines. (Again, this is my experience.) This leads me to believe that, yes, Windows can be just as secure.
Girlfriend? Have you wandered onto slashdot by mistake? This site isn't for you, trust me ...
Study Shows One Third of All Studies Are Nonsense!
Crunch!
The figures mentioned by the hosting company seem to indicate that the discussion is focused on Windows security on the server side, where it is fairly true that Windows can be about as secure as Linux when both are competently managed. In both cases, there will be someone who knows about the systems taking care of them and ensuring that they're properly patched, firewalled, etc. I personally find managing Linux boxes easier, but Windows can be kept secure as a server.
Where Windows still falls down security-wise is on the desktop, where the combination of a vulnerable browser/Office Suite along with the fact that the de facto standard way for desktop users to set up their accounts is with administrator privileges. That turns what would be a non-existent threat on the server (you shouldn't be doing general surfing or office work on a server) into a major issue. Microsoft has made feeble attempts to encourage users and developers to use limited accounts, but the fact remains that reconfiguring poorly written software to work in a limited account is a major headache that the average desktop user is not willing to put up with.
Microsoft also falls behind [most] Linux systems in that the majority of the software on a Linux box can typically be updated from a single tool (apt-get, yast, urpmi et al) while Windows Update only covers the core OS. Microsoft does have a better system in the works, but that will still only cover MS software.
The guy says "Engates added that his company manages 13,000 servers, roughly half of which are open source and half Microsoft. He claims to see little difference between the security on either platform."
Ya, so Windows servers are about as secure as Linux servers, which is about right if you have an experienced admin that knows what he/she is doing.
Windows is not secure by default for a typical end user that doesn't know much about security; there is no argument.
ROFLMAOCOPTER!
The whole "windows gets infected more because more people are targeting it" argument doesn't hold up - otherwise, apache would have more security problems than IIS.
feh. stuff.
If you spend any time at Secunia, you will find all of the leading Operating Systems listed.
One of the things you will notice, is that not all Operating Systems are created equally.
Windows XP is here
http://secunia.com/product/22/
and Redhat 9 is here
http://secunia.com/product/1343/
With the biggest difference being in HOW CRITICAL THE SECURITY DEFECTS ARE and HOW MANY ARE STILL UNPATCHED
Funny, that...
Windows and Linux neck and neck? Not according to these numbers.
--E--
I use Linux on a daily basis for Desktop and server use, and since I'm not a security expert.. I often wonder how the entire process of awareness of exploits and the patching of packages happens. Could someone explain this to me?
Who is the trusted authority?
I'm not the type of guy to bash Microsoft, but I must say I was quite surprised when spyware of some sort infected IE on a fresh and updated install of WinXP. www.google.com was redirected to another site offering spyware removal (What a joke)
You should also remember to evaluate the strength to viruses, not only the number of local/remote root exploits!
Wondering why i am doing so strange posts? I am trying to get a "+5,Flamebait" or "-1,Insightful" rating.
http://science.slashdot.org/article.pl?sid=05/07/13/2255243
Studies show that there is a one in three chance this is BS, and a 100% chance we'll see this article written over and over again in the favor of one or the other. The difference is, the Microsoft are usually the only ones to write articles in which they look better than linux. Perhaps things really are changing.
Go ahead and call me unreliable; reliable is just a synonym for predictable.
A friend's machine is full of spyware. Common users have no knowledge of ad-aware, so what's the point of having your windows "updated" automatically, when you haven't cleaned up the spyware in the first place?
OH, and with the new SP2, you _HAVE_ to connect to the internet to activate your product, so that makes windows CD's either crippled (you can't connect w/o activating, and you can't activate w/o connecting first) or insecure by default. And I bet most of the people haven't gone to the stores to replace their WinXP SP1 CD with SP2.
The *current* build of XP might be more secure, but in general, the whole policies stuff is making that security COMPLETELY USELESS.
A good measure of windows security I'd suggest:
* Percentage of Linux machines in the world infected with spyware? 0.
* Percentage of Windows machines in the world infected with spyware? 80, maybe more.
So which OS is more secure, huh?
Neck and neck, but one guy is a midget :|
"If we hit that bullseye, the rest of the dominos will fall like a house of cards. Checkmate." -Zapp Brannigan
I'll start paying attention to the Linux vs. Windows security debate the next time I get a virus on my Linux box. Nuff said.
Let me just preface this by saying that I generally take articles by research firms with a healthy grain of salt. With that said, I wouldn't be surprised if the report is correct. Mod me down if you like but a properly administered Windows box can be as secure as Linux. I think too often we simply rely on the vendor and distributor to come out with a secure product and then never worry about it once it's installed. A key factor in security is the administrator who must maintain these boxes. An out-dated Linux or Windows box is not going to be secure. An experienced administrator should be where security starts, not necessarily the product.
Finally, statistics about Linux are too generalized. I would much prefer a breakdown of Linux distributions since I'm sure some are more secure than others. A lot of exploits are found in non-kernel executables and the distribution is responsible for that. It's not all that useful to say Linux is secure or insecure since there is no one Linux distribution.
EvilCON - Made Famous by
It takes real determination and skill to overlook the obvious: how many tens of thousands of pwned Winduz machines are spewing contagion into the Internet 24x7? How many Linux machines? Nope, sorry, "Windows security" does not exist, and anyone who claims the two are similar is lying or extremely stupid.
Ovum has also said: "Microsoft's .NET technology is at least six months ahead of its rivals" ... "It's more complete, more ready and more widely deployed than any of its web services framework competitors". http://www.aspstreet.com/pr/a.taf/idpr,61991
And: "The Common Object Request Broker Architecture (CORBA) is a "doomed" technology that has no hope of matching Microsoft Corp.'s Distributed Common Object Model (DCOM), according to a new report on middleware." http://www.computerworld.com/news/1997/story/0,11280,21627,00.html
There is a good article on mozillaquest.com about "Solutions for Identity Theft, Credit/Debit Card Theft, and Personal Information Theft". They take the position that you are better off with Linux than Windows when it comes to privacy and security. I agree. The URL for the article is http://mozillaquest.com/Stories05/Identity-Theft_01-Story01.html
"Web browsing and e-mail can open you to all sorts of information theft, credit card theft, debit card theft, and identity theft. Securing your personal information and your computer from access by evildoers via the Internet is something within your control. It is something you can and should do right now!"
"Among the biggest information-theft threats that come from Web surfing and e-mail are cookies, forms, phishing, and scripts such as JavaScript (JS) and Active X controls. Today we show you how to protect yourself against information theft via cookies, scripts, HTML e-mail, and so forth."
It's just like a treasure hunt, except you win back the time it would take you to read the article.
The winner is the first to find the word in the following URL that suggests the value of the article it links to:
http://www.vnunet.com/vnunet/news/2139790/surveys
I have been running a mixture of Windows and Linux boxes at home for more than 10 years. I am conscientious about anti-virus and anti-spyware on the Windows boxes. On the Linux (and an occasional BSD) boxen I just take the normal security of the distro install and update packages regularly. I also, of course, do not log in as root. The bottom line is over the years I have had to battle various vermin on the Windows boxes. I have yet to have a virus or anything like it on the Linux/BSD machines. EVER! I use Linux as my normal OS on my laptop. I am surfing everywhere, constantly checking email. I download lots of programs, install things, etc. NEVER a virus, etc. Give me a break!
Some settling may occur during posting.
I don't think so.
IE and IIS patches are usually counted in the Windows lists.
As to Office, sharepoint, Office (nice one), Project, all MS games and SQL server, I have NONE of those things on my machine, same as many others. They do cost money, and many people don't have them. So why should they be counted as Windows problems?
Counting the bugs in bundled games like Minesweeper and Hearts is fair game. But counting Age of Empires doesn't make any sense.
We can rank the vulnerabilities in non-bundled games separately. I'll get started on the 50,000 Windows games, while you do Tux Racer and Quake 3. Okay?
http://lkml.org/lkml/2005/8/20/95
It will continue to be impossible to secure any version of Microsoft Windows until that company changes their design philosophy of mingling various unrelated tasks directly into the operating system.
The latest example is their plan to integrate RSS feeds into Littlebighorn (due out next year, whether it's ready or not). Lookie, boys and girls, a whole new way to infest Windows with viruses and malware. We haven't got the old holes plugged yet, but here we are planning to make new ones! You gotta love innovation at work.
Until they stop this "I'm OK, you're ok, so let's share" design philosophy, and get a little more paranoid, Windows will always be the easier target for the Internet's criminals and malcontents.
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
With 95% of the world's desktop market, they would also have 95% of the available funds for security R&D. With that much funding, no one should even be able to come close to their security. Of course, we all know this is not so.
Since you are so obviously willing to denounce this author's article, and claim that you know meaningful data when you see it, could you please write us a more informative article? Rather than launch an "ad hominem"-style attack on the article, write us an article using all your glorious expertise.
Cyric Zndovzny at your service.
A competent system administrator can secure Windows and keep it secure, just as with Linux. An incompetent sysadmin will fail with both.
I'm not sure that is true. I mean sure anything can be secure if you unplug it, but can a Windows machine be as secure while still as functional as a Linux machine? The first suggestions you hear for securing windows are install updates and put it behind a firewall. That's good advice for any system, but a firewall should be an extra layer of security, not a necessary one. If your only solution for securing Windows is put it behind a firewall that is running a different OS, well then that is a pretty big argument against its security.
P.S. an expert can kill you with a fountain pen from 10 yards, that does not mean the army should not issue guns.
or mostly BS.
1. Compare WinXP operation system to the whole distribution is stupid.
2. Where from the heck those viruses spread ?
3. Look the secunia lists (www.secunia.com)
WinXP Pro (only OS):
Unpatched 21 of 84 total
Extremely or Highly Critical 30 of 84 total
Remotely exploited 52 of 84 total
Debian Sarge (OS and many, MANY, applications!):
Unpatched 10 of 26 total
Extremely or Highly Critical 4 of 26 total
Remotely exploited 18 of 26 total
I don't know if it's still available, but you could get XP Service Pack 2 on a CD. Earlier, Microsoft experimented with putting updates for 98, ME, NT, 2000, and XP on a single CD (and sent it out for free). This kind of CD is great to have in the old kit bag, since you can stay disconnected from the internet until you've applied most of the important patches.
I don't know why Microsoft abandoned the idea of periodic OS updates on CD. Maybe too many people asked for them. I don't think you could buy the resulting good PR that cheaply. Alternately, they could post quarterly the ISO images, and encourage people to spread them around.
Anyway, that's my 1.99856714 cents worth.
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
Or rather, Windows is easier to use, so may include more incompetents.
I have never *once* had a security issue with Linux. But then again, I've been trying to use various versions of it for 10 years, and I've never gotten a working box. The last Ubuntu install I did, I ended up at a command prompt at the end of the install. Now, *that's* security!
Also, my bicycle has never caught fire, while my car did once. My bicycle is *much* more fireproof than my car is!
I don't respond to AC's.
re: point 3, why not?
ox -> oxen, why not box-> boxen?
It's not like the "rules" of English are any more consistent elsewhere.
Though I think that boci would be equally appropriate (latin, "vox" -> "voci").
Just thinking, is it really that the Linux OS is more secure or is it that the % of knowledgeable users using windows is lower than the % of knowledgeable users using Linux?
IMO Most of "Windows" issues are users: downloading this screen saver, installing that searchbar - running that "Funny" email attachment - Linux users tend to not do stupid stuff like clicking on the "Click here to scan your system!" links....
Bottom line - windows is for the Masses - MS tries to make it user friendly and idiot proof, but I guess they keep coming up with better idiots.
The article reads like this:
Well, I think that Windows security has improved.
There are so many opinions out there, that it's hard to tell what the truth is.
I think that Linux still offers slightly more security.
Microsoft's patches are better...
I think.
It sounds to me like somebody just expressing an opinion that they have. This really isn't news at all, and doesn't even offer any insightful information.
Linux/Open Source/Anti Microsoft News
No, I haven't RTFA, and I don't need to. The claim that Windows and Linux are equal with regards to security doesn't even deserve laughter. A person only needs to use Windows XP online for a few hours, and then compare it with virtually any other Linux distribution available in order to see how this claim is a complete lie.
It's a testament to the complete amorality of many analytical companies that they would even attempt to make a claim like this. Vnunet are obviously completely devoid of any kind of professional integrity, and as such, their analysis can only be considered utterly worthless. Unfortunately however, vnunet are not the only company willing to make such claims. These companies believe that they need to rely on Microsoft's monopoly for their livelihood, and so are willing to go to truly amazing lengths to try to maintain the perception that Microsoft are still on top, despite enormous evidence to the contrary.
"It's funny how people think. Since neither product is 100% secure, they both think they're equally insecure. This logic is as stupid as saying "reading slashdot is just as dangerous as motorcycle racing, because I could get hit by meteor and die either way". Clearly one of the products has more serious exploits than the other and has caused more loss to businesses, but some people just don't want to admit that."
How do you conclude Windows has more serious flaws than Linux? I've seen no evidence to support that claim. In fact a major security flaw in Kerberos was just announced (that isn't in the MS version). Your post is just anti-MS FUD.
Vote for Pedro
You can't have an unbiased non-profit organization perform a TCO on Windows vs. Linux. Why? Because every company is different.
They provide different services, products, etc. So the TCO is different for every single company because they are going to use Windows or Linux differently. They have different entrenched processes, they have different skill sets for their employees, it's just all different.
Geeze what a surprise. No progress in the past 2 years? Can't say that, they've made great progress. Comparing windows update with redhat up2date or yum, MS beats them hands down. Why haven't you seen a big problem with security in linux? Because compared to MS, no one is using it? Assholes won't write programs to wreak havoc because they aren't targeting as many people. After just moving some servers, windows came up fine, linux servers are bitching because of a minor version kernel update, now some drivers have to be recompiled. Yea, go linux...
"I'm not sure that is true. I mean sure anything can be secure if you unplug it, but can a Windows machine be as secure while still as functional as a Linux machine?"
Linux isn't secure. Check your assumptions.
Vote for Pedro
I'd agree that a fully patched and protected Windows server is about as secure as a default install of a Slackware server.
The difference is the Slackware machine won't become a security problem when a user sits down and starts surfing the web.
As many point out, novice users with IE/Outlook are the main entry point for windows viruses.
Hey, perhaps someone could set up a public test:
Set up an internet cafe with say 10 XP machines, fully loaded for virus bear and 10 Linux Machines,
Then keep a live scorecard for how long all 20 machines keep clean and functioning. Let Vegas in on this, and place your bets!
Or hey, do it as a docu-tainment independent video similar to "supersize me"...
Hey Cringely, there's an idea for your new downloadable TV show!
Bavarian Purity Law of Rice Krispie Squares: Rice Krispies, Marshmallows, Butter, Vanilla.
Am I missing something? I would not attempt to dispute what he says, but what criteria does he use for that statement? Number of crashes, Technician time to re-boot/reload after an incident. Number of Viruses that get through? How many times the box is hacked?
For an article titled "Linux and Windows Security Neck and Neck", I expect to see more than just "servers....no difference..."
Apparently I am not the only one that thinks security is not just the server level. Nearly all the (on topic) comments talk about win boxes that startup with admin privileges. The real security problem seems to be at the user level, not the server level. A good admin (or group of admins for 13000 servers) can setup and take either box to maximum security. The home user, (not lazy, not ignorant as one post calls them) is not an IT person. If the box comes with a setup that makes it less secure, that is probably the only thing that will ever get setup.
My opinion is that security is not just MS or LINUX. It is based on the person that installs and sets up the OS. I would bet that any good admin can set-up and make either OS very secure or very in-secure. If a secure box is delivered to the home user, it will probably remain secure. Otherwise, it will probably end up helping send SPAM.
Look at what's actually happening, from http://www.us-cert.gov/cas/bulletins/SB05-194.html#trends:
Top Ten Virus Threats
All Win32 Worms. Pick any security site, and look at the top 10 threats. Then tell me which OS is the most secure. We can argue all day about the reasons, the facts speak for themselves.
I work in a world where I am responsible for about 100 servers, most of which run Windows 2000/2003, but a handful of which run CentOS 4 (RHEL4).
I have to say that either operating system is secure in the hands of a knowledgeable administrator. The key difference is simply that Linux can be made more secure by someone with ample experience, whereas Windows can be made moderately secure much more easily.
Let me explain. In the Linux world, because everything is open source, a very knowledgeable person can strip away `features` from the operating system, leaving fewer areas which could possibly contain security holes. It doesn't matter whether the NFS server has a security hole, if the NFS server isn't running, or even installed. To be more specific, a very knowledgeable person could even recompile their kernel, etc, such that the only things that will run on the box is that which is intended. A box configured for single use is easy to secure because then there are only a handful of areas which can be exploited. Because of this limited number, there are then only a handful of lists/newsgroups that need to be monitored for security updates.
Windows on the other hand possesses the advantage that Microsoft stands behind their product, and says apply these patches, and you're secure. Therefore, to make a `relatively` secure machine is very easy. Just run auto-update regularly, and you're secure. On the other hand, taking security to the next level, the level described above, is almost impossible. You can't eliminate features from the Windows kernel by recompiling. Nor is it easy to pick and choose which DLL's get installed with the operating system. The result is a bigger window of opportunity for an exploit to be discovered which can then be used on your system. Now it is still possible to disable services, etc, but that is a more difficult task in Windows because of the interconnectivity. In the Linux world, because most components are developed by different people, they have few dependencies. This isn't true in the Windows world, and that makes it more difficult to lock down.
My point is that if there are three security levels, secure, very secure, and air tight. It is easier to get to the first level with Windows, but easier to get past the first level, to the second level and third levels with Linux. Granted large corporations can afford to modify Windows to get the other levels of security, but it's more difficult because Windows is such a closed environment.
I've rambled enough. A good article on locking down a Linux box can be found here
http://www.puschitz.com/SecuringLinux.shtml
Monetary dependence is not the only thing that screws research. Often times the problem lies with the reader, who wants a hard and fast answer to every scientific question. Try subscribing to a journal some time and reading the abstracts of some papers. After a while, you can find a paper that supports whatever you want. Is it because the researchers were bribed? Not necessarily. Often it's because the issue being tested is more complex than it seems.
Not every health treatment works for every person, not every engine works in every car. In those cases, we know the reasons and the differences that cause incompatibilities. But when we don't know the "why"... why Study A says Blah Software sucks and Study B says Blah Software rocks, for example, we should not jump to the conclusion that THEY WERE JUST BRIBED. Such short-sightedness can be accurate (bribery certainly exists), but it risks blinding one from looking into real issues. It pushes supporters into looking for another scapegoat for every study they don't like, and when the real problems emerge, they blow them off as "FUD." And it leads people to believe, as long as a study is "independently funded," its reasoning and conclusions are sound.
God forbid I try to have an open mind about these things. Go ahead, mod me as a troll because I said "fuck."
Yeah, Windows fell flat on its face, and Linux toppled backwards laughing hysterically.
neck and neck, just like they say.
cyn, free software and *nix operating systems enthusiast.
Linux isn't secure. Check your assumptions.
Of course it isn't, but it is "secure enough" to operate without a firewall regularly without getting taken over by a random worm. Most people do not need to be too concerned about direct cracking since most people do not run high-profile targets or anything of interest to a cracker. Obviously you can get a locked down NetBSD box and run a virtual server and redirect to a honeypot or two and spend all your time parsing logs. The point is can Windows run as securely as the average Linux box without disabling the functionality you want to use it for in the first place?
If you go to Secunia and check their ratings of, for example, Microsoft Windows Server 2003 Enterprise Edition with, for example, SUSE Linux Enterprise Server 9, and RedHat Enterprise Linux ES 4, it looks like:
Microsoft: 7 less critical unpatched vulnerabilities
SUSE: 0 unpatched vulnerabilities
Redhat: 1 not critical unpatched vulnerabilities
My question is: Why didn't the article's author spend the 10 minutes of research I did? Granted, there's more to it than just grabbing summaries from Secunia. But, if the author couldn't even do that, how useful is quoting 'experts'? At least Secunia can make a believable claim to be unbiased.
As for 'neck and neck', 7-0-1 doesn't look 'neck and neck' to me. Unless, of course, it's Bill's FUD noose around my neck.
"We are all geniuses when we dream"
- E.M. Cioran
How do you conclude Windows has more serious flaws than Linux? I've seen no evidence to support that claim. In fact a major security flaw in Kerberos was just announced (that isn't in the MS version). Your post is just anti-MS FUD.
And just how many people are going to be infected tomorrow by this shocking Kerberos flaw on a Unix or Linux platform (Microsoft uses Kerberos you know ;))? The point is that the flaws within Windows and Microsoft software have simply affected too many people and businesses, and there are simply too many easy ways into Windows.
Microsoft's reaction with Windows 2003 has been to panic create several hundred permissions and group policy applications, most now off by default, to cover all the holes like sealing wax. Result? Nothing works and people simply don't have the time to deal with everything they might need, so they have to turn it all back on again. What's worse is that it simply isn't structured. People can have no real idea what is or isn't turning something off. If I start a service (and am stupid enough not to think about it) on a Unix or Linux system I know what I'm getting. If I start something on Windows 2003 it might sort of run, but it probably won't work for certain users except administrators and there'll be some setting somewhere (not in a universal place) stopping it. It makes testing an absolute nightmare. Quite how they think this makes them more secure, I don't know.
Microsoft have simply taken this 'off by default' thing they've heard about Linux and Unix and completely misunderstood it, or they've had to kludge things because their existing technology and software isn't up to it. That, I'm afraid, is simply not anti-MS FUD. It's just plain and simple reality.
Uh, the parent poster never concluded Windows has more serious flaws.
I can understand *YOU* could jump to the conclusion that people think Windows is less secure than Linux (because a lot of people have that personal experience).
But for all we can tell the parent posting that you flamed may have been suggesting that Linux had more serious flaws than Windows (as laughable as that sounds; considering most online brokerages are linux/apache according to netcraft; and most all the Department of Homeland Security sites are either Linux/Apache or Unix/Apache).
More likely he was just making an observation that often journalists falsely jump to the conclusion that when two things have some risk, they have equal risk.
A computer noob friend of mine likes to surf porn, and he lets his girlfriend's kid on the computer.
Guess who gets to reinstall windows?
After about the 4th time I reinstalled Windows I also installed Mandrake, with the instructions that he ONLY read his Yahoo! mail and porn on the Linux side and ONLY let the kid into Linux.
"You can click on anything," I told him, "but only on the Linux side."
Either way, when he boots his computer he enters no user name or password, whether booting into Linux or Windows. If I have to fix or install anything in the Linux side, then there's a password (the root password). Otherwise it just goes into KDE unless he stops it in LILO for Windows.
Could one of you fellows hack his box? Of course you could, there is no such thing as perfect security. And, although I know shitloads about computers, I'm no security expert.
However, he's not going to get any spyware, adware, or viruses in Linux, which is actually the normal home users' only worry. Hell, I can't even get Yahoo messenger to work in Mandrake for him, how could anybody ever get a Linus virus to propagate?
Time to stop reading vnunet, methinks. Either they're clueless, or (more likely) paid off.
Which, Microsoft insists, is an integral and inseparable part of the OS.
Microsoft can't say on the one hand that IE is part of Windows, and then on the other hand claim that IE vulnerabilities don't count as Windows vulnerabilities.
There I have said it for the last time this week!!!!! You can not buy Security in a box.
they are taking into account everything comes with linux i.e apache and the 16,000 other packages. Where when you buy windows you don't get very much.
I was going to say "with your mom" but I was afraid that people would think I thought I was on a kiddy site
Then again, seeing some post in that thread...
Not using IE and using Firefox instead almost completely secures an up-to-date Windows box.
Dumping IE is a good step to take in improving the security of your Windows PC, but to say that one action "almost completely secures an up-to-date Windows box" is a dangerous oversimplification of the problem.
Firstly, despite the legal disputes surrounding the strategy, Microsoft has deliberately engineered IE into its OS. Windows 95 and NT4 and previous versions had no dependency on IE at all. On an "up-to-date Windows box" it is LITERALLY IMPOSSIBLE to completely "get rid of IE" on your system. You can remove the icon, make Firefox your default browser and so on, but IE remains in place. You cannot remove the IE rendering engine or any other "meat" of IE contained in system DLLs or you break a multitude of applications and important parts of Windows itself. No matter how hard you try to avoid it, you still need IE to do something as basic as keeping your system up-to-date and run your basic applications properly.
All that needs to happen is for an ambitious group of cyber-terrorists to commandeer and taint one single system of servers--the Windows Update site--and the world's IT infrastructure can be brought to its knees. I know saying "all that needs to happen" understates the difficulty of pulling such a thing off, but it IS possible--and the point is that Windows Update is a very serious potential single point-of-failure. Even though Windows update is a huge site run by many many computers, it is still accessible through a single network address and maintained by a single company and operates the same way for everyone. The fundamental concepts behind Microsoft's Windows Update are seriously flawed and without constant vigilance on the part of Microsoft it could be the most serious vector of attack in the history of computer security.
Another fundamental design flaw of Windows from a security standpoint is OLE/COM/DCOM/Microsoft's RPC implementation. Microsoft themselves have acknowledged this with its efforts in Longhorn to create a new service-oriented programming framework for distributed applications (Indigo). Even in post-blaster 2005 there are still reported flaws around DCOM. Ever since OLE was introduced with Windows 3.1 it has been more convoluted than required to do its task, and even with this added complexity it was not designed with the highly connected world of today in mind. Eventually COM would come out with the still klunky OLE2 interface built on top of that, and distributed application functionality would be tacked on with DCOM. Holding onto a foundation that had quickly become rickety for this long was a grave mistake. MS should've started pushing everything and everyone away from this whole kludgy mess ten years ago when it started becoming clear that the network would be central to computing.
Thankfully, there are limiting factors to the whole DCOM disaster in that home users don't really need the "D" part of it at all, so you can disable it in the registry and/or block its ports with a firewall. Unfortunately, that doesn't fly in the corporate world as there are a lot of client/server products that rely on it to function (think ERP, industrial automation, custom integration systems and so on). This is why corporate adoption of XP sp2 and 2k3 Server sp1 were not at all rapid (so much for the "up-to-date" part of your argument). Those service packs close up much of DCOM and break corporate apps. Thus, those updates are not rolled out until procedures are available to make updated PCs work with existing systems. Guess what? Those procedures generally involve UNDOING some of the changes made in those SPs to secure systems!
I'm sorry, the headline of this article putting Windows at par with ANYTHING in terms of security is unconvincing to me. While it is true that there are some Windows systems out there that are better secured than some Linux or BSD and it might even be true that overall the implemented systems out there are equally secur
Does anyone have experience in using Linux desktop with everything running as root? Doesn't Lindows do this as default? I wonder how secure such a Linux is, when compared to fully patched Windows XP with a "normal" setup, in which the user is also an administrator. I think this boils down to: How safe is IE in non-administrator mode today?
so was Linux standing on its head when they lined them up to compare?
Hey, Linux bugs are free! Their Microsoft cousins have to appease Red China.
http://www.webpronews.com/news/ebusinessnews/wpn-45-20050613MicrosoftBlocksWordsToAppeaseRedChina.html
Get real, get VMS! http://www.openvmshobbyist.com/
I read the entire article, and it appears to be 100% fluff. There is not one statistic, or even any made up data that is used to support the premise of the article. To paraphrase, the two experts that were interviewed are essentially saying: "Well, I think that maybe just possibly Linux has a security edge, but Microsoft has probably done some catching up with all of the security stuff they've been talking about, so I think that realistically I don't have any idea at this point what is better".
Wow. Thanks for that, guys.
\/\/oobie
When was the last time you saw a home Linux machine 0wn3d?
Home Linux machines are exactly the sort which get "owned." That's because amateur Linux lusers think that Linux is so secure that they can run superuser accounts with too many privileges, leave dipshit services like Telnet running, and leave root shells open, just waiting to be 'sploited.
How do you think University networks get r00ted? Amateur Linux lusers who configured their box wrong.
on security, why is it that the Space Shuttle was disabled due to a Windows failure?
...
Now if they'd just used Linux or some other Open Source product like BSD, we'd have the Space Shuttle back up there fixing the Hubble, but now they have to deploy the Military Space Shuttle and install those frickin lasers
-- Tigger warning: This post may contain tiggers! --
Surely a phonetic similarity between two words does not ensure that they are grammatically equivalent? Is there a reason for using 'boxen' to refer to multiple computers that is somehow more profound than a desire for linguistic cuteness?
Obviously, this neologism seems to be irritating a growing number of people on slashdot, and while I shan't tell anyone to stop using it, I do feel the need to point out that the implication that "boxen" currently is the grammatically correct plural of "boxes" can be proven blatantly false by looking it up in a dictionary.
"Linux has a slight advantage in that computer science students are learning it, but Microsoft has made life easier for non-techies, particularly with its improved patches."
This paragraph says it all.
First off, a system is only going to be as secure as the person who's using the system knows how to secure it. I've seen tons of Linux and BSD boxes with services running for no reason. Just check out Redhat's default installation and you'll see ports open all over the place that are not being used. At least that's the way Redhat did things.
Secondly, Linux has 3 advantages over Windows.
1. The obvious. Linux should be more secure because it's a much simpler system than Windows! I don't think anyone can deny that. Wouldn't make sense if Linux was less secure than Windows, especially since lots of its functionality was taken from more time proven Unix systems.
2. The people who use Linux are more likely to be experienced computer users than their Windows counterparts. Linux doesn't have to appeal to a bunch of mouse clickers who expect things to work all the time. Us geeks are willing to bend over backwards to make things work.
3. Windows operates over 90% of the world's computers, so hackers and virus writers have a much bigger target. Besides, it wouldn't make much sense for anyone to write viagra adware for Linux when most of its users aren't even getting laid!
I noticed this over at whitedust.net earlier today, along with their interesting article on an exploited and unpatched (on 98 and ME) buffer overflow in Windows' Color Management Module.
It would seem that linux and windows have changed quite a bit in the last few years, but also the attack vectors have gotten more serious and sophisticated.
The first dozen or so comments will be crying "FUD!"
You have tried to support your argument with faulty reasoning! Go directly to jail; do not pass Go, do not collect $200!
An elitist group known as The Living has long believed that they were inherently superior to their rivals The Dead, but statistics are showing a shift and some clear advantages for The Dead.
The Dead use no gasoline, an advantage increasing over time as prices rise and supplies dwindle.
The Dead never argue.
The Dead are more loyal. While there are rumors of switchers, there are only proven cases of switching from The Living to The Dead, not the reverse.
Some evidence of future switchers has been seen in political office where The Brain Dead have a significant presence.
The Dead have a well established installed base.
Some of The Dead give their all for recycling.
The Living are still generally more highly regarded for dating even though some are only vaguely familiar with the activity.
I've always maintained that an OS is secure as the people that run it and the programmers that write the code which runs on it.
Linux seems more secure because the people that run it generally know a hell of a lot more about programming it and administering it, than an MCSE who passed his exams, but doesn't really know that much about real world computing.
I know an MCSE, who after passing his exam (and had the requisite ego inflation that inevitably occurs) queried me with "how do I ftp a file?"
Let's just say there are a few knowledge holes there if that guy is running the network.
Contrast that against someone who builds linux boxes. You aren't going to get that webserver to serve web pages, without a how-to, unless you know what you are doing, period. Anyone that's been around the block enough to build a linux web server from source, and can do it without cracking "the book" is going to have a great deal of knowledge about dns, SSL, firewalls, and hopefully networking.
I'm sorry but the point and click crowd isn't going to build a more secure network than someone who can build his own firewalls using IPTABLES.
I am not saying that all MCSEs are clueless, a good deal of them aren't, but the barrier to entrance to run ms products is significantly lower, which leads to more inexperienced people administering boxes. Knowing your OS isn't enough, and most of them think it is.
This is what makes some ms networks dangerously vulnerable. This won't happen in a fortune 500 network, but in mom and pops all over the country, I bet I could get into more, than less, of them within 15 minutes of the first cracking attempt, and most will be ms servers set up by people that should really be studying computers, not setting them up.
l8,
AC
The security bugs keep getting worse every version since then..
If you could get only one of these to validate the systems in their own field, you'd have some valuable data. If you could actually get several - or even most - to do so, you'd have a comprehensive analysis of both systems, by people who are focussing on their specialist areas, with minimal risk of outside influence.
Furthermore, with such a comprehensive study, both Linux and Windows developers would be armed with valuable data for eliminating those flaws that do exist, which would be in everyone's interest.
The problem would be getting the kind of funding needed to conduct such studies - these places don't come cheap, and we're looking at REAL work, not just skimming CERT and running a word-count. I doubt Microsoft would be willing to fund the Linux side, even if they were willing to fund their own. (And if they were THAT willing to fund their own, they would have done so by now.)
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
don't you think the main reason why there's so many worms for Windows and so few for Linux is that there are a hell of a lot more victims for Windows worms?
No.
The main reason is that the Microsoft HTML control is inherently insecure and unfixable without modifying every application that uses it to use a new API that puts that application in charge of determining what capabilities documents displayed via the control have, regardless of what 'security zone' they are in.
That is absolutely critical. There must be no mechanism in the browser itself for a script to request "unsandboxed" control, or for the document to request an ActiveX control that is not already installed and explicitly registered as a sandbox component. Not even if the user "approves" it through a security dialog. It must not be possible to initiate this from the document rather than from the application, no matter where the document is, no matter whether it's "trusted" or not.
Every time Microsoft comes out with a new service pack or hotfix I predict that a new way will be found to fake the system out. SP2 was supposed to be it, but no, they've just had to release a new hotfix because someone found an unsafe embeddable component that wasn't ever intended to be used from the browser. There will be more.
Back before 1997 "there's more Windows boxes" was a real point. But when Active Desktop was released that all changed. I managed to get IE and Outlook banned at work. A little while later the flood of viruses and worms started, almost all based on tricks that fooled the HTML control used by Outlook into embedding and running them. And that's continued to be the main engine driving the rich viral ecosystem on Windows ever since. Oh, there's unrelated exploits, and social engineering, but a virus writer can always go back and look in the HTML control when all else fails.
What about the BSDs? And O.S.-X for that matter? I've been a X user since 10.1 and haven't had a single security issue. One day, my av software detected a Windows virus which didn't affect me but I thought I'd be nice to the Windows crowd and let the av software get rid of it.
I love not having Windows issues.
I personally believe it is not the security holes themselves but a.) how severe they are, and b.) how they are handled. The difference between Linux and Windows on these points is very stark, with little to "muddy the water." 'Critical' Microsoft updates are much more common than you will find on the linux platform. But even that is not nearly as important as how the issue of security is taken. My problem with Microsoft is that security for them still means bad press and politics. Microsoft does not want to announce security holes to the public, they don't want to give details, and they won't be pressured into issuing a patch until they are damn good and ready. The linux community is quite different. Security holes are discovered and readily broadcasted. This communication leads to an immediate concerted effort to fix the problem, and it's done. Time to patch through the open source model is quite superior. An open security policy as far as communication is concerned is absolutely vital for everyone. Microsoft has the notion that they own the software despite the fact that I buy it. Linux has no such delusions. Linux is yours, or collectively all of ours. Windows is owned by Microsoft, and you get to "rent it" or "license it." But as a home user or system administrator I want to know what is happening with my operating system -- I want to know what it is doing, what might happen, etc. With Linux I have that luxury... with Microsoft, I don't.
Oh yeah, they're equals in terms of security.. Minus the tons of malware and viruses available for Windows! Buhzing!
Debian: 38% unpatched 69% remotely exploited
WinXP pro: 25% unpatched only 61% remotely exploited
Pay no attention to the totals...
Can you be Even More Awesome?!
All the articles people have written on which system has the most vulnerabilities seem largely irrelevant in the real world. There are hundreds of thousands of servers of both platforms out there doing real work.
What percentage of them have been cracked? That is the important fact, rather than theoretical lists of improbable attacks. Are there any accurate statistics for this?
And the developer problem is the constant lack of information or deliberate misinformation from microsoft as they try to protect their monopoly or move into the developer's area. Take the recent Blackberry sync problem with outlook for a recent example. Remember the Netware popup dialog box "feature" many years ago.
Is it a Bug or.....a Feature.
From win3.1 to today, the beat goes on.
OSS does not screw the developer because everything is in the open. There is no place to hide features.
I don't know about you, but I hear all kinds of interesting things when hiding in the clothes rack while stalki^H^H^H^H^H^Hgoing shopping with my girlfriend.
...but sometimes I get a feeling that Linux is used by some people to feel like a smug elitist nerd. You know, install it and then you can sit back and laugh at the poor windows fools who probably know just as little about security as the person who is feeling all 1337 by using linux. I'm not saying all Linux users are like this, but I'm sure there is a good percentage. I mean any OS can have gaping security holes, depending on the implementation. When I was at uni a friend of mine managed to get pwd logging software on a person's account because it was easy for a non-savvy user to think they had logged out when they hadn't. Being the joker that he was, he thought it would be incredibly funny if that logging software would mail to pwd to my account, off to the sysadmins office I went for an account suspension. I got my revenge though, by sending nulls to a file that stored his login info (I don't remember the details, it was a LONG time ago) to forcibly log him out while he was working. Pretty lame-brained idea considering they were watching my account, back to the sysadmins office I went. Let's not also forget the first internet worm I can recall was the one that would use a gaping sendmail exploit to send spoofed mail messages from server to server. It really was as easy as telnetting to port 21 on a unix mail server and writing the email header in a text editor. So you can laugh all you like about the chequered history of Windows, but unless you recognise that Unix had just as shaky beginnings, you are only looking at half the story.
Blessed are the 1337, for they shall pwn the earth.
Congratulations, Windows! We're happy to have you up here with us.
PS: 'bout damn time.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
The biggest threat to security these days isn't in the OS anymore,
Uh, huh.
Let's see. Windows *has* made some improvements.
Windows 9x got patched, so that it didn't trust the remote end as to the length of the password on a share (and only check that many digits). I remember watching Wargames and thinking "Hollywood sure is unrealistic. Nobody is stupid enough to build a system where a password can be extracted in linear time by scanning each digit." A couple of years later, after polishing up an exploit I wrote that did exactly that, remotely, over the Internet to 9x boxes, I had to amend that statement with "unless it's Microsoft".
What else has been improved in Windows security? Hmm...oh, yes. There's no longer a default account of "Administrator" with a blank password. Couple that with automatically, by-default enabled (but "invisible" to any users of Microsoft SMB clients) administrative shares and just to spice things up, re-enable any administrative shares that the security-seeking user has disabled on his last boot, and you had a quite depressing situation, with a huge horde of Windows NT users enthralled with new Internet connection to their computer providing full Administrator rights to every file on their hard drive. To every user on the Internet. Yeah. Microsoft got rid of the default blank password, and then (after claiming that "system administrators were the problem for not putting the Windows machines behind firewalls") added a firewall that could block, by default, any connections to SMB from Internet-routable IP addresses. Instead of securing the thing or disabling it, they slapped a lid over it, so that an intruder has to wait until he penetrates a corporate network to start running hog-wild within. I guess it takes him another five minutes -- he has to shotgun the domain's email addresses with a trojan that opens an http connection to the outbound world and wait for a user inside to run the thing. There might be a cracker somewhere who was stopped by this, I admit.
I *do* notice that Microsoft still grants users "bypass traverse checking" by default. Real intuitive, you know? Jim the Administrator, who is a poor, naive Unix admin, who hasn't yet been ass-reamed by Windows' security architecture, who is used to computers being really simple and logical to securely administer, creates a "private" directory that only he has access to, and sticks documents that people shouldn't get at in said directory. Of course, he doesn't know that if there are any files in there that have DACLs that fail to prevent users from accessing them, Microsoft has cleverly allowed any user to bypass the directory permissions. That's right -- if you know the pathname of an unprotected file somewhere in a protected directory, on a vanilla, out-of-box Windows system, you can cruise right past the restrictions on the directory, ignoring them. Hope you've never, ever accidentally granted someone rights on a file when you didn't intend to, because on Windows, being in your private home directory isn't enough to secure that file. Keeps Windows users on their toes, makes things exciting, and makes sure that people don't start expecting intuitive behavior from Microsoft.
Oh, let's see. What else...has been fixed? Well, there was Microsoft's twin Outlook innovations of (a) ramming any email that came in right into a complicated, almost-impossible-to-insecure full-blown HTML renderer with programming language support, and (b) allowing a single click to execute any attachment, and making the UI for "execute" be the same as "open file". Now, the first made cross-site scripting attacks, which were previously kind of limited and boring, turn into massive worm-vulnerable holes that could take down networks every time MSIE has a bug, and made the "Good Times" hoax a reality. The second made sure that, given the infinite supply of people who reasonably expect the OS to prevent a single click in a program regularly used from wiping out their computer, there
Any program relying on (nontrivial) preemptive multithreading will be buggy.
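The share-password check described in the comment above, where the server trusted the remote end's stated password length, sketched beside a corrected check. This is an added example, not Microsoft's code or the commenter's; the function names and the stored password are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a share's stored password; not a real value. */
static const char STORED_PASSWORD[] = "HUNTER42";

/*
 * Flawed check, as the comment describes it: the number of bytes compared
 * is whatever length the remote end claims. If the client claims length 1,
 * only the first byte of the stored password is ever checked, so a
 * one-byte prefix is accepted as the whole password.
 */
int verify_trusting_client_length(const unsigned char *supplied,
                                  size_t claimed_len)
{
    if (claimed_len == 0 || claimed_len > strlen(STORED_PASSWORD))
        return 0;
    return memcmp(STORED_PASSWORD, supplied, claimed_len) == 0;
}

/*
 * Corrected check: the server's own stored length decides how much is
 * compared. A length mismatch is a failure, and the loop always walks the
 * full stored password instead of stopping at the first differing byte.
 */
int verify_with_server_length(const unsigned char *supplied,
                              size_t supplied_len)
{
    size_t stored_len = strlen(STORED_PASSWORD);
    unsigned char diff = (unsigned char)(supplied_len != stored_len);
    size_t i;

    for (i = 0; i < stored_len; i++) {
        /* Never read past what the client actually sent. */
        unsigned char c = (i < supplied_len) ? supplied[i] : 0;
        diff |= (unsigned char)(c ^ (unsigned char)STORED_PASSWORD[i]);
    }
    return diff == 0;
}

int main(void)
{
    const unsigned char prefix[] = "H";
    const unsigned char full[] = "HUNTER42";

    printf("flawed check, 1-byte prefix:   %d\n",
           verify_trusting_client_length(prefix, 1));
    printf("fixed check, 1-byte prefix:    %d\n",
           verify_with_server_length(prefix, 1));
    printf("fixed check, full password:    %d\n",
           verify_with_server_length(full, 8));
    return 0;
}
```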
Linux cloned the Unix environment which early on was a multi user networked environment, used by many universities where students could wreak havoc. Many design decisions were made to improve security early on.
And God bless each and every one of 'em for giving me a secure OS today.
Any program relying on (nontrivial) preemptive multithreading will be buggy.
Angry! And sad. Very sad.
Ya know what, screw all these "insightful, in-depth analyses of Windows versus Linux comparisons" (which this article most certainly is not!); the real tale is in the companies that succeed because they use Linux and don't have to put up with:
1. 25M downloads every other week because Microsoft is vainly trying to patch every hole in a sieve.
2. 2:00 AM scrambles to patch systems because of the latest virus that infected every system in a company-wide network because of yet another "recently-discovered" (means Microsoft knew about it 3 weeks ago but judged it was not a threat) security hole.
3. paid outrageous amounts of money to upgrade to the next version of Windows to fix all security problems only to find that the new version of Windows brings more security problems than it fixed!
Let the market decide! Pretty soon Microsoft will find itself with 0 revenue because their continuing security problems have driven all of their loyal customers out of business!
and it's constantly hanging around its neck.
Join the Slashcott! Feb 10 thru Feb 17!
This problem keeps coming up.
Windows should be compared to KDE/Gnome, Kernel, Base tools, the c-library, authentication to log in to the system. Period.
A windows server component should be compared to samba.
IIS/ASP should be compared to Apache/PHP/Perl/etc.
MSN should be compared to GAIM (or equivalent)
(in fairness) IE should be compared to Firefox/Konqueror/etc.
This isn't rocket science. But people put the kitchen sink in Linux (which is good) but then whine when it requires some serious updates every week.
Most vulnerabilities in OpenSSL affect rare cases and in almost all of them it is when running it as a server (and the effect is usually misvalidation). zlib buffer overflow is mostly server stuff (and being at a console for the kernel) that is affected.
People, let's compare the components separately. If Windows doesn't do it out of the box, you can't compare them fairly on security. Linux does more in more complex ways, and is open source.
-M
when you see the word 'Linux', drink!
The subject says it all...
-=Linsys=-
http://www.intrusionsec.com
If I start a service (and am stupid enough not to think about it) on a Unix or Linux system I know what I'm getting.
Just to be fair, you have to remember that by default, a lot of distros launch a hell of a lot of unneeded services (Fedora does this), so you don't need to "start" a service, it's already mischievously running. You have to positively act out to stop those useless services.
I believe OpenBSD is the best in this area since I think it has a "not running by default" policy. Even though I'm an Ubuntu/Debian person myself.
Windows has many distros: 95, 98, 2000, XP, Server 2003. Several of these distros don't have IIS at all. Some of these distros have versions. XP has regular, SP1, SP1a and SP2 versions.
You seem relatively smart, yet you can make a mistake of not differentiating the versions/distros of an OS, instead using a generic term. Yet you say others who make murky assertions about Linux are full of horseshit. Why not be understanding and see that others can easily make the same mistakes you do?
http://lkml.org/lkml/2005/8/20/95